Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 591
Alerts This Week
Warning Icon 1 591

SUSE Linux: 2021:0679-1 Important Grub2 Security Fix Details

suse
Calendar Grey March 2, 2021
Dist Suse Esm H88
The recent grub2 update addresses various bugs and security vulnerabilities. Discover the critical information regarding this significant security enhancement.
An update that solves 7 vulnerabilities and has one errata is now available

Summary

This update for grub2 fixes the following issues: grub2 now implements the new "SBAT" method for SHIM based secure boot revocation. (bsc#1182057) Following security issues are fixed that can violate secure boot constraints: - CVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711) - CVE-2020-25647: Fixed an out-of-bound write in grub_usb_device_initialize() (bsc#1177883) - CVE-2020-27749: Fixed a stack buffer overflow in grub_parser_split_cmdline (bsc#1179264) - CVE-2020-27779, CVE-2020-14372: Disallow cutmem and acpi commands in secure boot mode (bsc#1179265 bsc#1175970) - CVE-2021-20225: Fixed a heap out-of-bounds write in short form option parser (bsc#1182262) - CVE-2021-20233: Fixed a heap out-of-bound write due to mis-calculation of space required for quoting (bsc#1182263)

References

#1175970 #1176711 #1177883 #1179264 #1179265

#1182057 #1182262 #1182263

Cross- CVE-2020-14372 CVE-2020-25632 CVE-2020-25647

CVE-2020-27749 CVE-2020-27779 CVE-2021-20225

CVE-2021-20233

CVSS scores:

CVE-2020-14372 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2020-25632 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2020-25647 (SUSE): 7.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVE-2020-27749 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2020-27779 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2021-20225 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2021-20233 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected Products:

SUSE OpenStack Cloud 7

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:0679-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.